Allow access from a PWA (CORS headers)

[alensiljak]

Discussion: https://openziti.discourse.group/t/webdav-with-cors/1967

I'd like to be able to use WebDAV interface from a Progressive Web Application (PWA) but that will require explicitly allowing access via CORS headers on the server side. Additionally, it will also require explicitly allowing the WebDAV headers when CORS is active.
Just recently added this to rclone, so hopefully this helps: rclone/rclone#7495

Basically, origin, methods, and headers need to be specified for WebDAV access. Origin for web.

Resources:

• https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

[michaelquigley]

I think I remember a discourse thread talking about this where this request was described as needed to apply to a single, private zrok access private, rather than to the public frontend. Can we confirm the scope of this feature request?

Adding this capability to a single zrok access private instance is an order of magnitude simpler than making it available on a large, shared, public frontend.

Considering Ziti provides a tunnel, I would mostly recommend using this in private mode

[alensiljak]

At the moment, I would use this in private mode as it is much safer and satisfies my use case completely.
Should different needs arise, it would then be easier to provide more detailed requirements based on a real use case rather than hypothetically.
Thank you!

[michaelquigley]

Fair enough. Will backlog this to get knocked out within zrok access private fairly soon.

[michaelquigley]

In v0.4.39 the zrok access private command has a new flag (--response-header), which allows for adding arbitrary HTTP headers to the response for HTTP-based backend modes. This should cover this scenario, along with other uses.